Understanding the origins of mobile app vulnerabilities: A large-scale measurement study of free and paid apps

Takuya Watanabe, Mitsuaki Akiyama, Fumihiro Kanei, Eitaro Shioji, Yuta Takata, Bo Sun, Yuta Ishi, Toshiki Shibahara, Takeshi Yagi, Tatsuya Mori

研究成果: Conference contribution

22 被引用数 (Scopus)

抄録

This paper reports a large-scale study that aims to understand how mobile application (app) vulnerabilities are associated with software libraries. We analyze both free and paid apps. Studying paid apps was quite meaningful because it helped us understand how differences in app development/maintenance affect the vulnerabilities associated with libraries. We analyzed 30k free and paid apps collected from the official Android marketplace. Our extensive analyses revealed that approximately 70%/50% of vulnerabilities of free/paid apps stem from software libraries, particularly from third-party libraries. Somewhat paradoxically, we found that more expensive/popular paid apps tend to have more vulnerabilities. This comes from the fact that more expensive/popular paid apps tend to have more functionality, i.e., more code and libraries, which increases the probability of vulnerabilities. Based on our findings, we provide suggestions to stakeholders of mobile app distribution ecosystems.

本文言語English
ホスト出版物のタイトルProceedings - 2017 IEEE/ACM 14th International Conference on Mining Software Repositories, MSR 2017
出版社IEEE Computer Society
ページ14-24
ページ数11
ISBN(電子版)9781538615447
DOI
出版ステータスPublished - 2017 6月 29
イベント14th IEEE/ACM International Conference on Mining Software Repositories, MSR 2017 - Buenos Aires, Argentina
継続期間: 2017 5月 202017 5月 21

出版物シリーズ

名前IEEE International Working Conference on Mining Software Repositories
ISSN(印刷版)2160-1852
ISSN(電子版)2160-1860

Other

Other14th IEEE/ACM International Conference on Mining Software Repositories, MSR 2017
国/地域Argentina
CityBuenos Aires
Period17/5/2017/5/21

ASJC Scopus subject areas

  • コンピュータ サイエンスの応用
  • ソフトウェア

フィンガープリント

「Understanding the origins of mobile app vulnerabilities: A large-scale measurement study of free and paid apps」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル